commit-lint[bot]
commented
1 year ago Bug Fixes
- functions/package.json & functions/package-lock.json to reduce vulnerabilities (3f40130)
Contributors
Commit-Lint commands
You can trigger Commit-Lint actions by commenting on this PR: - `@Commit-Lint merge patch` will merge dependabot PR on "patch" versions (X.X.Y - Y change) - `@Commit-Lint merge minor` will merge dependabot PR on "minor" versions (X.Y.Y - Y change) - `@Commit-Lint merge major` will merge dependabot PR on "major" versions (Y.Y.Y - Y change) - `@Commit-Lint merge disable` will desactivate merge dependabot PR - `@Commit-Lint review` will approve dependabot PR - `@Commit-Lint stop review` will stop approve dependabot PR
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - functions/package.json - functions/package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **658/1000****Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: firebase-functions
The new version differs by 19 commits.- 4fdf9db 3.6.2
- f907d68 Update CHANGELOG.md (#694)
- 9431102 fix: move jsonwebtoken to dev dependencies (#677)
- 8d0a6c2 pin @ types/express version (#686)
- 1bd2736 Fixes to reference doc generation for functions.https (#690)
- b1f9b5a Revise docs for handler namespace (#680)
- 5c18afe Modify return type of DataSnapshot.forEach to `boolean | void` (#666)
- df35c1b fix: onCreate, onUpdate and onDelete receive a DocumentQuerySnapshopt (#670)
- 1dde3db [firebase-release] Removed change log and reset repo after 3.6.1 release
- 1fb57c5 3.6.1
- 2784d5d Update TypeScript dependency to v3.8 to fix build issues (Issue #667) (#668)
- d3e8951 [firebase-release] Removed change log and reset repo after 3.6.0 release
- c9a3a0e 3.6.0
- 95d4a4a Update CHANGELOG.md (#640)
- 7f4c957 Enable users to define async HTTP functions (#651)
- e1df823 Adding testlab event to eventTypes list (#649)
- 468455d Updating docs TOC with Testlab paths. (#643)
- 5250110 Add support for europe-west3 region. (#627)
- 0921c78 [firebase-release] Removed change log and reset repo after 3.5.0 release
See the full diffPackage name: sharp
The new version differs by 250 commits.- 1ff84b2 Release v0.29.3
- 97655d2 Bump deps
- d10d7b0 Docs: remove duplicate entry for mbklein (#2971)
- 2ffdae2 Docs: changelog and credit for #2952
- 342de36 Impute TIFF xres/yres from withMetadata({density})
- b33231d Ensure correct dimensions when contain 1px image #2951
- 319db21 Release v0.29.2
- d359331 Remove animation props from single page images #2890
- 7ae1513 Bump devDeps
- 648a1e0 Throw error rather than exit for invalid binaries #2931
- b9f211f Docs: changelog for #2918
- e475d9e Improve error message on Windows for version conflict (#2918)
- f37ca82 Bump deps
- 1dd4be6 Add timeout function to limit processing time
- 197d4cf Docs: changelog and credit for #2893
- 83eed86 Docs: clarify prebuilt libc support on ARMv6/v7
- bbf612c Replace use of deprecated util.inherits
- 2679bb5 Allow use of 'tif' to select TIFF output (#2893)
- 481e350 Ensure 'versions' is populated from vendored libvips
- 50c7a08 Release v0.29.1
- 9a0bb60 Bump deps
- deb5d81 Docs: changelog entries for #2878 #2879
- 916b04d Allow using speed 9 for AVIF/HEIC encoding (#2879)
- 52307fa Resolve paths before comparing input/output destination (#2878)
See the full diff